IoT is trending. Companies invest in new tech...
IoT definition and security issuesWhat is the Internet of Things? Basically, the term refers to any device that can be connected to the Internet or/and other gadget. Such devices are enhanced with embedded computers and sensors. The concept is anything but new: the famous Web-connected toaster was designed by John Romkey back in 1990. Yet, it is total automation that makes modern IoT gadgets so relevant. Many experts predicted 2015 would be the year of IoT; nevertheless, it was set to a bumpy start. After several reports on the gadgets’ malfunction (including the spying baby monitor and spam-infected refrigerator) made their way to the Internet, the forecasts became more conservative.
What are the reasons for IoT insecurities?
- Many IoT devices (especially wearables) are equipped with slow processors, have less memory and a short battery life. Therefore, such gadgets do not use proper authentication and encrypted communications;
- People who purchase connected devices either forget to change or fail to generate strong passwords;
- Almost 20% of mobile applications that are used to manage and control smart devices do not employ Secure Socket Layer while connecting to the Cloud.
Internet of things: biggest security challenges
- The lack of security standards for some parts of IoT landscape. AV Test, a testing agency for security products, conducted an independent research to evaluate the security of digital communication between wristbands and smartphones. It turned out that most Bluetooth-enhanced fitness trackers remain visible to other cell phones after the initial connection was established and can be accessed without password. IoT apps, in their turn, implement safe HTTPS protocols;
- Smart devices generate much data and use multiple communication channels and remote computer resources. User data (which is, according to IBM, not even used to its full potential) needs to be processed and encrypted. Currently, IT companies do not possess the necessary technologies and facilities to perform the task;
- Locally, IoT devices are connected to one and the same network and, therefore, can be accessed over the Web. In order to prevent cyberattacks, each smart device should be segmented into its own network with restricted access;
- Large IT companies haven’t fully committed themselves to developing security solutions for connected environments. By 2020, 50% of IoT solutions will be crafted by startups who sometimes lack expertise and funding;
- Market fragmentation. Most companies that manufacture connected devices focus on niche products and do not address security or interoperability issues. For example, Npower and Nest’s smart central heating systems which are employed in the UK do not operate with Honeywell thermostats. Still, these devices are somehow meant to safely collect and transfer user data to electricity retail companies.
What measures are being taken to improve IoT security?
- In 2014, the Open Interconnect Consortium was established. The major goal of the organization is to design a reliable security framework for IoT;
- During the International Standards Organization’s meeting in China the Special Working Group on IoT urged the global community to address the interoperability issue and employ security audit practices;
- The Google Thread group, Industrial Internet Consortium, AllSeen Alliance and other IoT vendors accumulate forces to specify data encryption standards;
- The introduction of dedicated IoT platforms (such as Windows 10). Such platforms employ the “defence in depth” model to enhance security on different levels, including hardware performance and data transmission.
The Internet of secure thingsThe question of connected environment security remains urgent; yet, there are several tips to improve current IoT solutions:
- Secure booting. Once an IoT device is launched for the first time, software should undergo digital verification to make sure no other program will run on that device in the future;
- Access control. Mandatory controls embedded into an operating system restrict functions of both hardware and IoT applications so that they could only access the resources essential for their performance;
- Authentication. Secure machine authentication mechanisms must be implemented to safely connect embedded computers to the network;
- Local firewalls. An IoT gadget doesn’t need to filter the traffic coming to the parent network. However, it must be equipped with local filters to analyze the data it is going to process.
- The rise of cooperation between large IT companies and startups;
- The growing demand for IoT educational facilities (with Microsoft, Breed Reply and Indiegogo taking the lead);
- The amount of data collected by smart gadgets will be reduced, while users will be able to filter parameters subject to analysis or even deploy the function;
- The cost of wearable gadgets will increase (powerful processors don’t come cheap);
- The IoT market will be gradually invaded by portable security hardware for smart homes (like Dojo; the engine monitors performance of IoT gadgets connected to the network and detects threats).